Global ETD Search

101	Success factors and challenges in digital forensics for law enforcement : A Systematic Literature Review Cervantes, Milagros January 2021 (has links) Context: The widespread use of communication and digital technology in the society has affected the number of devices requiring analysis in criminal investigations. Additionally, the increase of storage volume, the diversity of digital devices, and the use of cloud environment introduce more complexities to the digital forensic domain. Objective: This work aims to supply a taxonomy of the main challenges and success factors faced in the digital forensic domain in law enforcement. Method: The chosen method for this research is a systematic literature review of studies with topics related to success factors and challenges in digital forensics for law enforcement. The candidate studies were 1,428 peer-reviewed scientific articles published between 2015 and 2021. Those studies were retrieved from five digital databases following a systematic process. From those candidate studies, twenty were selected as primary studies due to their relevance to the topic. After backward searching, eight other studies were also included in the group of primary studies. A total of twentyeight primary studies were analyzed by applying thematic coding. Furthermore, a survey of digital forensic practitioners from the Swedish Police was held to triangulate the results achieved with the systematic literature review. Digital forensics computer forensics success factors opportunities challenges issues law enforcement Information Systems, Social aspects
102	En modell för utformandet av biografiska ordböcker / A model for the design of biographical dictionaries Ginman, Johan January 2021 (has links) Every website, computer and IT system have users who need to verify their identity throughauthentication. The most common form of authentication today is to apply an alphanumericpassword. Passwords are often based on biographical information that can be derived from the userhimself and common elements that are usually utilized while creating passwords are names, petnames, family related, and date of birth. While passwords today are often based on the individual'sbiographical elements, the police have problems cracking encrypted devices because it takes a longtime and is complex to identify the correct password among all possible combinations. This problemis the basis for the work and is the reason why this model for how biographical dictionaries should bestructured and contain is created. To design the model, a literature review has been carried outwhere elements have been defined and a structure formed. Interviews with IT forensics from thepolice and NFC were then held to refine the different elements and structure of the initial model andto create a reality anchor. The result of this work is a product in the form of a model that can be usedto create biographical dictionaries based on target people. The model demonstrates whichbiographical elements are relevant for finding potential passwords. The conclusion drawn is that themodel can facilitate the work of the police and IT forensics when it comes to cracking people'sbiographical passwords. By using a dictionary that is built with the model, time-consuming attackssuch as brute-force attacks or more general dictionary attacks do not need to be applied. / Till varje hemsida, dator och IT-system finns användare som behöver verifiera sin identitet genomautentisering. Den vanligaste formen av autentisering är idag att applicera ett alfanumerisktlösenord. Lösenord bygger ofta på biografiska uppgifter som kan härledas från användaren själv ochvanliga element som brukar användas vid lösenordsgenerering är: namn, husdjursnamn, familj ochfödelsedatum. Samtidigt som lösenord idag ofta bygger på individens biografiska element har polisenproblem att knäcka krypterade enheter på grund av att det tar lång tid och är väldigt komplext attidentifiera rätt lösenord bland alla möjliga kombinationer. Detta problem ligger till grund för arbetetsamt är orsaken till varför denna modell för hur biografiska ordböcker ska vara strukturerade ochinnehålla skapas. För att utforma modellen har en litteraturöversikt genomförts där element hardefinierats och en struktur formats. Intervjuer med IT-forensiker från polisen och NFC hölls därefterför att förädla den initiala modellens olika element och struktur samt att skapa enverklighetsförankring. Resultatet av detta arbete är en slutprodukt i form av en modell som går attnyttja för att skapa biografiska ordböcker utifrån målpersoner. Modellen påvisar vilka biografiskaelement som är relevanta för att hitta potentiella lösenord. Slutsatsen som dras gör gällande attmodellen kan underlätta polisens och IT-forensikers arbete när det kommer till att knäcka personersbiografiska lösenord. Genom att nyttja en ordbok som är uppbyggd med modellen behöver intetidskrävande angrepp som ”brute force” attacker eller mer generella ordboksattacker appliceras. Biographical dictionaries password Cracking Dictionary attack police digital forensics. Biografiska ordböcker lösenordsknäckning ordboksattack Polis it-forensik. Information Systems
103	Identifying anti-forensics : Attacks on the digital forensic process Siljac, Stjepan January 2022 (has links) The area of digital forensics might be old but the idea that criminals or other organisations are actively working to hide their steps is somewhat new. Roughly a year ago, a company announced that they can actively exploit security flaws in a popular digital forensics suite, thus raising questions of validity of evidence submitted to court. It is not known if this exploit is being used in the wild but the mere thought of security issues existing in tools is a serious issue for law enforcement. This paper sets out to clarify the digital forensic process, what tools are used within the digital forensic process and what anti-forensic techniques are available on the market. Using the digital forensic process as a base, this paper produces a model that classifies anti-forensic techniques into realms and shows which realm affects which stage of the digital forensics process. The digital forensic process, anti-forensic techniques and the model was then tested in a Delphi-inspired study where questions regarding the digital forensic process and anti- forensic techniques was asked to digital forensic specialists as well as information security specialists. The goal of the Delphi-study was to reach a consensus regarding the foundations (process and techniques) and their internal relationships (as described in the model). The first part of this paper’s conclusion is that a digital forensic process should contain the following stages: Planning -> Identification -> Acquisition -> Analysis -> Presentation. The paper also concludes that there are several digital forensic tools available for a practitioner, both open and closed source, and that the practitioner uses a mixture of the two. Apart from the process and the tools used, this paper concludes that there are several anti-forensic techniques available on the market and that these could be used by any malicious user that actively want to disrupt the digital forensic process. A second conclusion is that the proposed model connects the stages of the digital forensic process with anti-forensic techniques though the use of realms. The proposed model can be used to develop anti-anti-forensics methods, processes or techniques. digital forensics digital forensic process digital forensic tools anti-forensics digital evidence Övrig annan teknik
104	Exploring IoT Security Threats and Forensic Challenges: A LiteratureReview and Survey Study Al Allaf, Abdulrahman, Totonji, Waseem January 2023 (has links) Internet of Things (IoT) devices have increased rapidly in recent years, revolutionizing many industries, including healthcare, manufacturing, and transportation, and bringing benefits to both individuals and industries. However, this increase in IoT device usage has exposed IoT ecosystems to numerous security threats and digital forensic challenges. This thesis investigates the most common IoT security threats and attacks, students’ awareness of them and their mitigation strategies, and the key challenges associated with IoT forensic investigations. A mixed-method approach is adopted in this thesis combining a literature review and a survey study. The survey assesses students’ knowledge of IoT security threats, mitigation techniques, and perceptions of the most effective ways to enhance IoT security. The survey also emphasizes the importance of user training and awareness in mitigating IoT threats, highlighting the most effective strategies, such as stronger regulations and improved device security by manufacturers. The literature review provides a comprehensive overview of the most common IoT security threats and attacks, such as malware, malicious code injection, replay attacks, Man in the Middle (MITM), botnets, and Distributed Denial of Service Attacks (DDoS). The mitigation techniques to these threats are overviewed as well as real-world incidents and crimes, such as the Mirai botnet, St. Jude Medical implant cardiac devices hack, and the Verkada hack, are examined to understand the consequences of these attacks. Moreover, this work also highlights the definition and the process of digital and IoT forensics, the importance of IoT forensics, and different data sources in IoT ecosystems. The key challenges associated with IoT forensics and how they impact the effectiveness of digital investigations in the IoT ecosystem are examined in detail. Overall, the results of this work contribute to ongoing research to improve IoT device security, highlight the importance of increased awareness and user training, and address the challenges associated with IoT forensic investigations. Internet of Things IoT security IoT threats IoT attacks Digital forensics IoT forensic IoT forensic challenges Cloud forensics Network forensics Computer and Information Sciences Data- och informationsvetenskap
105	Forensic Analysis of Footstep Data / Forensisk analys av fotsteg data Dugiev, Amiran, Cassé, Henrik January 2023 (has links) Digital forensics is a niche field of study that encompasses such things as extraction, analysis and presentation of digital information, that could be used to produce forensic evidence. There are several companies whose sole specialization is providing technical software solutions to detectives to help them quickly analyze retrieved devices that might contain evidence, instead of having to send the devices to forensic labs. However, there are still many areas that aren’t fully explored within the digital forensics industry, such as using personal health data. A factor that confounds this problem is that there are many different mobile devices running different operating systems and different versions of different applications. This report examines footstep data extraction and visualization on Android. Whether this data could be used as evidence according to law enforcement agencies is also investigated. Following a literature study to gain knowledge of the field of digital forensics, an experiment was conducted to gather data on a device through the Samsung Health application. This data was extracted and converted into a database, which was visualized using a prototype in the form of charts. Finally a technical trainer and former police oﬀicer was interviewed regarding whether the prototype could be seen as a proof-of-concept for future implementation among digital forensics solution providers. It was concluded that step data visualized in the form of graphs would be useful as forensic evidence for law enforcement detectives and juries. / Digital forensik är ett studieområde som omfattar extraktion, analys och presentation av digital information, som kan användas för att producera forensiskt bevis. Det finns flera firmor som specialiserar i att utrusta detektiver med mjukvarulösningar som kan analysera enheter som kan innehålla bevis, istället för att skicka enheten till ett forensiskt lab. Det finns dock många områden som inte är helt utforskade inom digital forensik, som användning av personlig hälsodata. En faktor som utökar detta problem är att det finns många olika mobila enheter som kör olika operativsystem med olika versioner av olika applikationer. Denna rapport undersöker fotstegsdata extraktion och visualisering på Android. Om denna data kan användas som bevis av rättsväsende blir också utforskat. Efter en litteraturstudie för att få mer kunskap inom digital forensik, utfördes ett experiment för att samla data på en enhet genom Samsung Health- applikationen. Detta data extraherades och konverterades till en databas, som visualiserades genom en prototyp i form av grafer. Slutligen intervjuades en teknisk tränare och ex-polis för att se om prototypen skulle kunna ses som ett bevis på att digital forensik skulle kunna implementera stöd för fotstegsdata i framtiden. Slutsatsen drogs att stegsdata visualiserat i form av grafer skulle vara användbara som forensiskt bevis för detektiver och juryer. Digital forensics Samsung Health Footstep data Data visualization Android Digital forensik Samsung Health Fotstegsdata Data visualisering Android Engineering and Technology Teknik och teknologier
106	Multimedia Forensics Using Metadata Ziyue Xiang (17989381) 21 February 2024 (has links) <p dir="ltr">The rapid development of machine learning techniques makes it possible to manipulate or synthesize video and audio information while introducing nearly indetectable artifacts. Most media forensics methods analyze the high-level data (e.g., pixels from videos, temporal signals from audios) decoded from compressed media data. Since media manipulation or synthesis methods usually aim to improve the quality of such high-level data directly, acquiring forensic evidence from these data has become increasingly challenging. In this work, we focus on media forensics techniques using the metadata in media formats, which includes container metadata and coding parameters in the encoded bitstream. Since many media manipulation and synthesis methods do not attempt to hide metadata traces, it is possible to use them for forensics tasks. First, we present a video forensics technique using metadata embedded in MP4/MOV video containers. Our proposed method achieved high performance in video manipulation detection, source device attribution, social media attribution, and manipulation tool identification on publicly available datasets. Second, we present a transformer neural network based MP3 audio forensics technique using low-level codec information. Our proposed method can localize multiple compressed segments in MP3 files. The localization accuracy of our proposed method is higher compared to other methods. Third, we present an H.264-based video device matching method. This method can determine if the two video sequences are captured by the same device even if the method has never encountered the device. Our proposed method achieved good performance in a three-fold cross validation scheme on a publicly available video forensics dataset containing 35 devices. Fourth, we present a Graph Neural Network (GNN) based approach for the analysis of MP4/MOV metadata trees. The proposed method is trained using Self-Supervised Learning (SSL), which increased the robustness of the proposed method and makes it capable of handling missing/unseen data. Fifth, we present an efficient approach to compute the spectrogram feature with MP3 compressed audio signals. The proposed approach decreases the complexity of speech feature computation by ~77.6% and saves ~37.87% of MP3 decoding time. The resulting spectrogram features lead to higher synthetic speech detection performance.</p> Audio processing Computer vision Image and video coding Image processing Pattern recognition Video processing Digital forensics Deep learning Deepfake detection Digital forensics Video forensics Audio forensics Video metadata Audio metadata H.264 MP3 MP4 Video manipulation detection Video compression Audio compression Decision tree Deep learning Dimensionality reduction Spectrogram Graph neural networks Neural networks Transformer neural networks
107	Developing a multidisciplinary digital forensic readiness model for evidentiary data handling Pooe, El Antonio 05 1900 (has links) There is a growing global recognition as to the importance of outlawing malicious computer related acts in a timely manner, yet few organisations have the legal and technical resources necessary to address the complexities of adapting criminal statutes to cyberspace. Literature reviewed in this study suggests that a coordinated, public-private partnership to produce a model approach can help reduce potential dangers arising from the inadvertent creation of cybercrime havens. It is against this backdrop that the study seeks to develop a digital forensic readiness model (DFRM) using a coordinated, multidisciplinary approach, involving both the public and private sectors, thus enabling organisations to reduce potential dangers arising from the inadvertent destruction and negating of evidentiary data which, in turn, results in the non-prosecution of digital crimes. The thesis makes use of 10 hypotheses to address the five research objectives, which are aimed at investigating the problem statement. This study constitutes qualitative research and adopts the post-modernist approach. The study begins by investigating each of the 10 hypotheses, utilising a systematic literature review and interviews, followed by a triangulation of findings in order to identify and explore common themes and strengthen grounded theory results. The output from the latter process is used as a theoretical foundation towards the development of a DFRM model which is then validated and verified against actual case law. Findings show that a multidisciplinary approach to digital forensic readiness can aid in preserving the integrity of evidentiary data within an organisation. The study identifies three key domains and their critical components. The research then demonstrates how the interdependencies between the domains and their respective components can enable organisations to identify and manage vulnerabilities which may contribute to the inadvertent destruction and negating of evidentiary data. The Multidisciplinary Digital Forensic Readiness Model (M-DiFoRe) provides a proactive approach to creating and improving organizational digital forensic readiness. This study contributes to the greater body of knowledge in digital forensics in that it reduces complexities associated with achieving digital forensic readiness and streamlines the handling of digital evidence within an organisation. / Information Science / Ph.D. (Information Systems) Digital forensics Forensic readiness Computer forensics Planning Investigation Risk management Evidence Cybercrime Multidisciplinary approach Triangulation Grounded theory Systematic literature review Qualitative research 005.87 Computer crimes Digital Forensic Science Computer security
108	Gestion des risques appliquée aux systèmes d’information distribués / Risk management to distributed information systems Lalanne, Vincent 19 December 2013 (has links) Dans cette thèse nous abordons la gestion des risques appliquée aux systèmes d’information distribués. Nous traitons des problèmes d’interopérabilité et de sécurisation des échanges dans les systèmes DRM et nous proposons la mise en place de ce système pour l’entreprise: il doit nous permettre de distribuer des contenus auto-protégés. Ensuite nous présentons la participation à la création d’une entreprise innovante qui met en avant la sécurité de l’information, avec en particulier la gestion des risques au travers de la norme ISO/IEC 27005:2011. Nous présentons les risques liés à l’utilisation de services avec un accent tout particulier sur les risques autres que les risques technologiques; nous abordons les risques inhérents au cloud (défaillance d’un provider, etc...) mais également les aspects plus sournois d’espionnage et d’intrusion dans les données personnelles (Affaire PRISM en juin 2013). Dans la dernière partie nous présentons un concept de DRM d’Entreprise qui utilise les métadonnées pour déployer des contextes dans les modèles de contrôle d’usage. Nous proposons une ébauche de formalisation des métadonnées nécessaires à la mise en œuvre de la politique de sécurité et nous garantissons le respect de la réglementation et de la loi en vigueur. / In this thesis we discuss the application of risk management to distributed information systems. We handle problems of interoperability and securisation of the exchanges within DRM systems and we propose the implementation of this system for the company: it needs to permit the distribution of self-protected contents. We then present the (our) participation in the creation of an innovative company which emphasizes on the security of information, in particular the management of risks through the ISO/IEC 27005:2011 standard. We present risks related to the use of services, highlighting in particular the ones which are not technological: we approach inheritent risks in clouds (provider failure, etc ...) but also the more insidious aspects of espionage and intrusion in personal data (Case PRISM in June 2013). In the last section, we present a concept of a DRM company which uses metadata to deploy settings in usage control models. We propose a draft formalization of metadata necessary for the implementation of a security policy and guarantee respect of regulations and legislation. ISO/IEC 27005:2011 Web Services WS security SOA Cloud Métadonnées Données personnelles Sécurité de l’information Entreprise innovante Investigation numérique ISO / IEC 27005:2011 Web Services WS security SOA Cloud Metadata Personal data Information security Innovative company Digital forensics
109	Porovnání výuky informační a kybernetické bezpečnosti v České republice a Jižní Koreji s návrhy na zlepšení / Comparison of education information and cybernetic security in Czech republic and South Korea with suggestions for improvement Šisler, Marcel January 2020 (has links) This diploma thesis deals with a suggestions to improve the current state of education information and cyber security in the Czech Republic. These suggestions are from a comparison of education at the Brno University of Technology - Faculty of Business and Hallym University in South Korea. Another part is the analysis of trends in the field of cyber attacks and comparison of this area between the Czech Republic and South Korea.
110	Går det att köpa personuppgifter på bilskroten? : Ett arbete om digital forensik på begagnade bildelar Börjesson, Holme, Lindskog, Filiph January 2020 (has links) I moderna bilar lagras ofta data från användaren av bilen då en mobiltelefon eller annan enhet parkopplas genom Bluetooth- eller USB-anslutning. I de fall dessa data innehåller personuppgifter kan de vara intressanta i en utredning samt vara värda att skydda ur ett integritetsperspektiv. Vad händer med dessa data då bilen skrotas? När en bil skrotas monteras den ner och de delar som går att tjäna pengar på säljs av bildemonteringsföretaget. Det kan gälla allt från stötdämpare, hjul och rattar, till elektroniska komponenter och multimediaenheter. I detta arbete utvanns personuppgifter ur tre sådana begagnade multimediaenheter som köpts från bildemonteringar. Den mest framgångsrika metoden var att avlägsna rätt lagringskrets från multimediaenhetens kretskort och utvinna dess data genom direkt anslutning. I samtliga fall har informationen varit strukturerad i ett bekant filsystem vilket kunnat monteras. I alla tre undersöka multimediaenheter utvanns personuppgifter. Resultatet visar att det finns brister i hanteringen av personuppgifter då en bil skrotas. / In modern vehicles, data from the user of the vehicle is often stored when a mobile phone or other device is paired through Bluetooth or USB connection. In cases where this data contains personal data, they may be of interest in an investigation and may be worth protecting from a privacy perspective. What happens to this data when the car is scrapped? When a car is scrapped, it is dismantled and the parts that can be made money from are sold by the scrap company. This can be anything from shock absorbers, wheels and steering wheels, to electronic components and infotainment devices. In this report, personal data was extracted from three such infotainment devices purchased from scrap companies. The most successful method was to remove the correct storage circuit from the infotainment device circuit board and extract its data by direct connection. In all cases, the information has been structured in a familiar file system which could be mounted. In all three investigated infotainment devices, personal data were extracted. The result shows that there are deficiencies in the handling of personal data when a car is scrapped. digital forensics vehicle forensics embedded systems forensics personal integrity chip-off IT-forensik bilforensik forensik på inbäddade system personlig integritet chip-off Computer Systems Datorsystem Embedded Systems Inbäddad systemteknik

Search results